DETAILED ACTION

1. Claims 1 and 3-28 are pending in this office action.

Rejections 

2. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

Claim Rejections - 35 USC § 103 

3. Claims 1, 3-9, 13-18, 20-22, and 24-28 are rejected under 35 U.S.C. 103(a) as
being unpatentable over Urata (U.S. Patent No. 6,799,272) in view of Corcoran (David
Corcoran, Muscle Flexes Smart Cards into Linux, Source Linux Journal archive, August
1998, Article No. 8), and further in view of Schneier, "Applied Cryptography: Protocols,
Algorithms, and Source Code in C," Second Edition, pp. 466-474 (hereinafter
Schneier).

Regarding claim 1, Urata teaches a method/computer readable medium for
preventing counterfeiting and cloning of smart cards, comprising: 

• Providing a smart card with a cryptographic structure for authorizing the smart 
card which cannot be accessed completely by a predetermined small number of 
readings (col. 2, lines 32-52). 

Urata does not teach wherein said cryptographic structure can be built only by
whoever emits the card or an agent thereof or providing a reader for reading said smart 
card including a database holding information related to unauthorized smart cards, said 
reader being on-line, such that said reader is operatively connected to a network, only 
when said database of said reader is being updated by said network, wherein said 
reader includes a random number generator. 

Corcoran teaches wherein said cryptographic structure can be built only by 
whoever emits the card or an agent thereof (page 3, third bullet, biometrics or a PIN 
verify an agent of the card) and providing a reader for reading said smart card including 
a database holding information related to unauthorized smart cards, said reader being 
on-line, such that said reader is operatively connected to a network, only when said 
database of said reader is being updated by said network (page 3, fourth bullet, 
discussing obtaining a public key from a database), and wherein said reader includes 
a random number generator (page 3, second bullet, transmitting random numbers 
from the card reader to the card). Corcoran also teaches that card readers can be 
computers in and of themselves or linked to a computer by a connection of some sort 
(page 3 and 4, MORE ABOUT CARD READERS). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine wherein said cryptographic structure can be built only 
by whoever emits the card or an agent thereof and providing a reader including a
database of unauthorized smart cards, said reader being online and connected to a
network only when said reader is being updated, as taught by Corcoran, with the
system of Urata. It would have been obvious for such modifications because the off-line
version of the blacklist provides a listing of all users who are intruders; the periodic 
updating allows a newer list of intruders to be known. Also, because keeping the 
cryptographic structure secret to only those who emit the card prevents someone from 
counterfeiting a smart card. 

The combination of Urata as modified by Corcoran still does not teach when a 
card is read, chooses a pair (a, b) of distinct numbers with a < b between 1 and N. 

Schneier teaches when a card is read, chooses a pair (a, b) of distinct 
numbers with a < b between 1 and N (a step of an RSA algorithm, choose two prime 
numbers, page 467). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine reading a pair of distinct numbers from the card, as 
taught by Schneier, with the system of Urata/Corcoran. It would have been obvious for
such modifications because this allows the reader to create random numbers to 
authenticate the smart card through challenge-response, as is commonly done in 
systems where a server device authenticates a client device (see page 3, second bullet 
of Corcoran). 


Application/Control Number: 09/685,026 Page 5 

Art Unit: 2136 

Regarding claims 3 and 25, the combination of Urata as modified by
Corcoran/Schneier teaches wherein an entire/substantial process of said method is performable
off-line (see page 2, last paragraph talking about cash cards of Corcoran). 

Regarding claim 4, the combination of Urata as modified by Corcoran/Schneier
teaches wherein said smart card carries thereon predetermined N channels as
$C_1, C_2, \ldots, C_N$, where N is an integer, wherein each channel $C_i$, with i equal
to 1, 2, ..., N, carries a pair of numbers $(h_i, l_i)$, and wherein $h_i$ is the i-th high
number and $l_i$ is the i-th low number (see col. 2, lines 32-52 and fig. 1, ref. num 106,
128, and 142 of Urata).

Regarding claim 5, applicant's admitted prior art teaches further comprising using
public key cryptography with associated encoding and decoding functions $V_i$ and
$V_i^{-1}$ in each channel i, wherein each function $V_i^{-1}$ is known publicly, and $V_i$
is known only to a predetermined party representing an owner of the smart card (see
page 6, lines 1-5 of applicant's disclosure).

Regarding claim 6, applicant's admitted prior art teaches wherein for each i in 1,
2, ..., N, the pair $(h_i, l_i)$ is such that $h_i = V_i(l_i)$, or $h_i = V_i(K(l_i))$, where K
represents a publicly-known cryptographic hash function, and wherein each $l_i$ contains
a plurality of symbols for redundancy (see page 6, lines 6-8 of applicant's disclosure).


Regarding claim 7, the combination of Urata as modified by Corcoran/Schneier
teaches further comprising processing, using an invertible function f which is made
public, such that the low numbers in said smart card satisfy $l_{i+j} = f^j(l_i)$, where
$f^j$ represents the j-th iteration of the function f (see col. 5, line 48 through col. 6,
line 25 of Urata).

Regarding claim 8, the combination of Urata as modified by Corcoran/Schneier
teaches:

• Wherein before processing the smart card, the reader obtains the pair $(h_a, l_a)$
and $h_b$ (a step of an RSA algorithm, choose two prime numbers, see page 467 of
Schneier);

• Using the public keys $V_a^{-1}$ and $V_b^{-1}$, checking by the reader whether the pairs
$(h_a, l_a)$ and $(h_b, l_b)$ are compatible, and, consequently, that the numbers $h_a$,
$l_a$, and $h_b$ belong to a same legitimate card (a step of an RSA algorithm, see page
467 of Schneier).

Regarding claim 9, the combination of Urata as modified by Corcoran/Schneier
teaches wherein said reader obtains a content of only two of said channels (see col. 2, 
lines 37-47 of Urata). 

Regarding claim 13, the combination of Urata as modified by Corcoran/Schneier
teaches wherein said cryptographic structure is changed periodically (see col. 6, lines 
33-42 of Urata). 

Regarding claim 14, the combination of Urata as modified by Corcoran/Schneier
teaches wherein said smartcard is invalidated after a predetermined time of usage (see 
page 2, last paragraph of Corcoran, cash cards are well known in the art to expire after 
a certain period of time). 

Regarding claim 15, the combination of Urata as modified by Corcoran/Schneier
teaches wherein said pairs $(h_i, l_i)$ to be contained on the smart card are generated by:

• Choosing a prefix of $l_1$ once for all transactions, or changed whenever needed,
wherein said prefix is publicly known (a step of an RSA algorithm, see page 467
of Schneier); and

• Providing a sequence, such that the sequence is generated so that a same
number is not chosen twice, and so that corresponding other $l_i$'s are not chosen
as new $l_1$'s (a step of an RSA algorithm, see page 467 of Schneier).

Regarding claim 16, the combination of Urata as modified by Corcoran/Schneier
teaches further comprising:

• Concatenating the prefix and the sequence to form $l_1$ (a step of an RSA
algorithm, forming the product of two primes, see page 467 of Schneier); and

• Choosing a function f which is invertible and is publicly known, to construct
$l_2 = f(l_1)$, $l_3 = f(l_2)$, and so forth (a step of an RSA algorithm, use Euclidean
algorithm on two primes, see page 467 of Schneier).

Regarding claim 17, the combination of Urata as modified by Corcoran/Schneier
teaches wherein the function f is chosen to be the identity map, in which case
$l_1 = l_2 = l_3 = \ldots = l_N$ (a step of an RSA algorithm, where the message is encrypted
in blocks, where the same encryption method is used for each block, see page 467 of Schneier).

Regarding claim 18, the combination of Urata as modified by Corcoran/Schneier
teaches choosing, for a number N, N public key-private key pairs, such that a first
private key $V_1$ is for computing $h_1 = V_1(l_1)$, a second private key $V_2$ is for
computing $h_2 = V_2(l_2)$, and so on (a step of an RSA algorithm, where the message is
encrypted in blocks, see page 467 of Schneier).

Regarding claim 20, the combination of Urata as modified by Corcoran/Schneier
teaches wherein, when the smart card is read by said reader, a random generator is 
prompted which provides two integer numbers, a and b, which are not between 1 and N, 
with a < b (a step of an RSA algorithm, see page 467 of Schneier). 


Regarding claim 21, the combination of Urata as modified by Corcoran/Schneier
teaches wherein said numbers a, b are transmitted to the smart card which delivers two
high numbers $h_a$, $h_b$, and a low number $l_a$ in a channel a, and wherein the pair (a, b),
together with a function f in a memory in the reader, are used to compute the low
number $l_b = f^{b-a}(l_a)$, said memory in said reader delivering public keys $V_a^{-1}$
and $V_b^{-1}$ (a step of an RSA algorithm, see page 467 of Schneier).

Regarding claim 22, the combination of Urata as modified by Corcoran/Schneier
teaches wherein the public keys are used by a comparator together with the pairs (ha, 
la) and (hb, lb), to verify that the pairs are compatible with the corresponding keys, and 
that the pairs are from a same legitimate card (a step of an RSA algorithm, see page 
467 of Schneier). 
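
The challenge-response check recited in claims 6, 7 and 20-22, written out as an added example (it is not part of the office action, the application, or any cited reference). It assumes textbook RSA over small constructed primes as each channel's private function V_i, f(x) = x + 1 as the public invertible function, and a reader blacklist keyed on l_1; all names are hypothetical, and the reader draws a < b from 1..N as in the rejection of claim 1.

```python
import secrets

N = 4                      # number of channels on the card (constructed)
E = 65537                  # public exponent used for every toy key
# Constructed toy primes, one pair per channel; real keys would be far larger.
PRIMES = [(1009, 1013), (1019, 1021), (1031, 1033), (1039, 1049)]

def f(x, times=1):
    """Public invertible function f, iterated `times` times (assumed: x + 1)."""
    return x + times

def make_keys():
    """Issuer side: per-channel private V_i = (d, n) and public V_i^-1 = (E, n)."""
    priv, pub = [], []
    for p, q in PRIMES:
        n, phi = p * q, (p - 1) * (q - 1)
        priv.append((pow(E, -1, phi), n))
        pub.append((E, n))
    return priv, pub

def issue_card(priv, l1):
    """Issuer builds channels (h_i, l_i): l_{i+1} = f(l_i), h_i = V_i(l_i)."""
    card = {}
    for i, (d, n) in enumerate(priv, start=1):
        l_i = f(l1, i - 1)
        card[i] = (pow(l_i, d, n), l_i)
    return card

def card_respond(card, a, b):
    """The card reveals only h_a, l_a and h_b for the challenged channels."""
    return card[a][0], card[a][1], card[b][0]

def reader_verify(pub, blacklist, respond):
    """Reader: pick a < b, recompute l_b = f^(b-a)(l_a), check both pairs."""
    a = 1 + secrets.randbelow(N - 1)          # a in 1 .. N-1
    b = a + 1 + secrets.randbelow(N - a)      # b in a+1 .. N
    h_a, l_a, h_b = respond(a, b)
    l_b = f(l_a, b - a)
    if f(l_a, -(a - 1)) in blacklist:         # invert f to recover l_1
        return False
    (e_a, n_a), (e_b, n_b) = pub[a - 1], pub[b - 1]
    return pow(h_a, e_a, n_a) == l_a and pow(h_b, e_b, n_b) == l_b
```

Because each reading exposes only two of the N channels, an observer of a few transactions cannot assemble the full set of (h_i, l_i) pairs, and a card that cannot produce a valid h_b for the reader's random b fails the comparison.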

Regarding claim 24, the combination of Urata as modified by Corcoran/Schneier
teaches a method of preventing counterfeiting of a smart card, as explained above with 
the rejection of claims 1 and 8, further comprising: 

• Providing a smart card such that none of confidential information and a 
cryptographic key for authorizing the smart card, is carried on the smart card 
(see col. 2, lines 32-52 of Urata); 

• Reading said card by a reader such that in each reading, said reader reads only 
a predetermined small amount of information which makes the card unique (see 
col. 2, lines 32-52 of Urata). 

Regarding claim 26, the combination of Urata as modified by Corcoran/Schneier
teaches a system for preventing cloning of a smart card, comprising a smart card such 
that a cryptographic structure for authorizing the smart card is not carried on the smart 
card (see col. 2, lines 32-52 of Urata). 

Regarding claim 27, the combination of Urata as modified by Corcoran/Schneier
teaches a method/computer readable medium for preventing counterfeiting and cloning 
of smart cards, as explained above with the rejection of claims 1 and 8, further 
comprising providing a smart card with a cryptographic structure for authorizing the 
smart card which cannot be accessed completely by a predetermined small number of 
readings (see col. 2, lines 32-52 of Urata). 

Regarding claim 28, the combination of Urata as modified by Corcoran/Schneier
teaches wherein information stored on said smart card is devoid of confidential 
information (see col. 2, lines 32-52 of Urata). 

Claims 10-12, 19, and 23 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Urata (US '272) in view of Corcoran (Muscle Flexes Smart Cards into
Linux) and Schneier, and further in view of Maillard et al. (U.S. Patent No. 6,466,671).


Regarding claim 10, the combination of Urata as modified by Corcoran/Schneier
teaches all the limitations of claim 1, above. However, they fail to teach further
comprising periodically communicating, by said reader of said smart card, with a
database where a predetermined characteristic of the card is checked.

Maillard et al. teaches further comprising periodically communicating, by said 
reader of said smart card, with a database where a predetermined characteristic of the 
card is checked (col. 14, lines 4-6). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine periodically communicating with a database, as taught 
by Maillard et al., with the system of Urata/Corcoran/Schneier. It would have been
obvious for such modifications because the periodic check ensures that the current card 
isn't blacklisted. 

Regarding claim 11, the combination of Urata as modified by
Corcoran/Schneier/Maillard et al. teaches wherein the predetermined characteristic
comprises whether a smart card has delivered more than a predetermined amount of
money to a user of the smart card (see col. 13, lines 60-67 of Maillard et al.).

Regarding claim 12, the combination of Urata as modified by
Corcoran/Schneier/Maillard et al. teaches wherein if a card is detected as delivering too
much money, the database communicates a corresponding number $l_1$ to all readers in a
network, so that smart cards carrying said corresponding number are declined (see col.
14, lines 12-16 of Maillard et al.).

Regarding claim 19, the combination of Urata as modified by
Corcoran/Schneier/Maillard et al. teaches further comprising: 

• Verifying whether the smart card is authentic (digital signature of an RSA 
algorithm, see page 473 of Schneier); and 

• Checking whether the smart card is not in a list of cards to be refused (see col. 
14, lines 4-6 of Maillard et al.). 

Regarding claim 23, the combination of Urata as modified by
Corcoran/Schneier/Maillard et al. teaches further comprising performing a final 
validation of the smart card by at least one of: 

• Contacting a central database if an entire transaction is made on-line with no 
penalty (see X of Maillard et al.); and 

• Checking with a local database in said reader, said local database being 
refreshed periodically by contact between said local database and said central 
database (see page 3, fourth bullet of Corcoran). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brandon S. Hoffman whose telephone number is 571- 
272-3863. The examiner can normally be reached on M-F 8:30 - 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Ayaz R. Sheikh, can be reached on 571-272-3795. The fax phone number
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 